Debian: slocate arbitrary code execution vulnerability
Summary
A problem has been discovered in slocate, a secure locate replacement.
A buffer overflow in the setuid program slocate can be used to execute
arbitrary code as superuser.
For the stable distribution (woody) this problem has been
fixed in version 2.6-1.3.1.
The old stable distribution (potato) is not affected by this problem.
For the unstable distribution (sid) this problem has been fixed in
version 2.7-1.
We recommend that you upgrade your slocate package immediately.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
Size/MD5 checksum: 550 9ade1dcc6d5185c9acddd8b487d5d28b
Size/MD5 checksum: 7058 a7ac6632dc02e1e26ad9f5cb462cced7
Size/MD5 checksum: 69213 08b1902323d686130a6daaca1fac61fc
Alpha architecture:
Size/MD5 checksum: 28100 44eccd6ca90b61996b50eb396456f798
ARM architecture:
Size/MD5 checksum: 25290 52d54dacf94f35519fbfb8d5a2ebd8a9
Intel IA-32 architecture:
Size/MD5 checksum: 24788 9c9121191ee8ce7321bda76b3bb0c8fa
Intel IA-64 architecture:
Size/MD5 checksum: 31100 039ee8d8218e953d51a3514d9318f2d6
HP Precision architecture:
Size/MD5 checksum: 26822 0ad73800a4c0c19518cad0aa3768f1c6
Motorola 680x0 architecture:
Size/MD5 checksum: 24338 2eb37c351a989dd14d9ad84fe6f3176b
Big endian MIPS architecture:
Size/MD5 checksum: 25656 85426c291c393fec878012afdcf85aaf
Little endian MIPS architecture:
Size/MD5 checksum: 25592 fabe9486658781a7584a583e07370442
PowerPC architecture:
Size/MD5 checksum: 25658 08a2aa276b88ed5335c2e0ff8650c696
IBM S/390 architecture:
Size/MD5 checksum: 25710 956dbf8e147bd1f31ffa3fa43c3e31d4
Sun Sparc architecture:
Size/MD5 checksum: 27604 10aa9aff27a87f88d78b57b33ae5b2d5
These files will probably be moved into the stable distribution on
its next revision.
For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show